.\"
.\"	$OpenBSD: SSL_get_verify_result.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
.\"
.Dd $Mdocdate: December 2 2014 $
.Dt SSL_GET_VERIFY_RESULT 3
.Os
.Sh NAME
.Nm SSL_get_verify_result
.Nd get result of peer certificate verification
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft long
.Fn SSL_get_verify_result "const SSL *ssl"
.Sh DESCRIPTION
.Fn SSL_get_verify_result
returns the result of the verification of the X509 certificate presented by the
peer, if any.
.Sh NOTES
.Fn SSL_get_verify_result
can only return one error code while the verification of a certificate can fail
because of many reasons at the same time.
Only the last verification error that occurred during the processing is
available from
.Fn SSL_get_verify_result .
.Pp
The verification result is part of the established session and is restored when
a session is reused.
.Sh RETURN VALUES
The following return values can currently occur:
.Bl -tag -width Ds
.It Dv X509_V_OK
The verification succeeded or no peer certificate was presented.
.It Any other value
Documented in
.Xr openssl 1 .
.El
.Sh SEE ALSO
.Xr openssl 1 ,
.Xr ssl 3 ,
.Xr SSL_get_peer_certificate 3 ,
.Xr SSL_set_verify_result 3
.Sh BUGS
If no peer certificate was presented, the returned result code is
.Dv X509_V_OK .
This is because no verification error occurred;
however, it does not indicate success.
.Fn SSL_get_verify_result
is only useful in connection with
.Xr SSL_get_peer_certificate 3 .
